Many cryptocurrency users know of the benefits of cold storage on a hardware wallet. They know that this is one of the most convenient ways in order to store your coins in an offline environment.
However, when you are purchasing your hardware wallet, it is highly recommend that you only buy it from the official retailer itself. As with anything in life, if you cut corners on price you run the risk of a scam.
This is exactly what happened to an unfortunate cryptocurrency user who had purchased his ledger Nano S from an Ebay seller. The listing was at a 25% discount from the official price so he thought that he was getting a bargain.
Unfortunately for the buyer, when the Ledger Nano arrived, there was something amiss. Being new to the concept of seed words the buyer did not notice the potentially lethal flaw.
Use of Pre-generated seed
The Fraudulent Seed Card – Image Source
When the ledger arrived, it appeared to be in order as it came sealed in the Ledger Nano box. However, when the user opened the box he saw that the device was ready to use and there was a seed word card that was covered with tin foil.
Users who have ever generated a wallet from seed words before will know that the wallet itself will generate the seed words. These will be saved by the user for potential recovery later. Hence, this would immediately have set alarm bells ringing.
Unfortunately for the user, he did not notice this and entered his ledger with the pre-generated seed. He then proceeded to transfer about £25,000 worth of coins onto his ledger. This was left for over a week as he thought that his coins were safe.
Scammer Swept in
What the user did not know was that the wallet had already been set up by the scammer with those seed words. Hence, the scammer could just as easily use the recovery seed to gain control of the wallet. This is exactly what happened.
Moreover, they tricked the user by placing the seed words under the foil. This created the illusion of security that the user thought there may have been with his cryptocurrency holdings.
When the victim went back to look at the gains that he had on the coins, he discovered that they were gone. He reached out to the Ledger support team on their subreddit.
Many were really sympathetic to the plight of the victim with the CEO of Ledger even responding to the post with a suggested course of action.
We’ll put you in touch with our General Counsel so we can help you file a formal criminal complaint and bring the eBay seller to justice
Unfortunately, there is very little the victim could realistically do to recover the coins as all transaction are immutable. However, as was suggested by many in the comments, he could take note of the seller’s information and hand it over to the police.
The only hope is that Ebay is able to provide the authorities with enough information about the account in order for them to follow reasonable leads. Barring that, the user may want to set up bounty and see if there are some white hat hackers willing to help.
Indeed, after the victim made his experience known, a number of other users came forward on Reddit forums as they found the instructions for the wallet suspicious. For example, this user also reached out asking whether there was something that was wrong with his ledger.
Lessons to be Learned
One of the most important lessons that one can learn from this sad occurrence is that you should rarely trust a third party sellers on marketplaces such as Amazon and Ebay with cryptocurrency security. This is particularly true when the price of hardware is at such as discount.
Moreover, if you are new to cryptocurrencies and are setting up your device for the first time then you should read the official guidelines that are presented on the manufacturer’s website. If there is something that feels amiss, you should make sure it is not malicious.
One can only hope that the victim is able to get some justice for his loss, but hopefully his experience will help others avoid this trap.
Featured Image via Fotolia